Conditional Access System
Field of the Invention 

The present invention relates generally to the field of broadcast and reception,
particularly but not exclusively to a conditional access system in a digital satellite
television system. More particularly, aspects of the present invention relate to the
transfer of entitlement control messages in a channel separate from the broadcast
channel.

Background

Conditional access systems are well known and widely used in conjunction with 
currently available pay television systems. At present, such systems are based on the
transmission of programmes scrambled with control words which are received by 
subscribers having a set-top box and a smart card for each subscription package. 

The smart card for a subscription package from a particular service provider allows
the scrambled programmes within the package to be descrambled and viewed. The
broadcast stream further contains entitlement management messages and
entitlement control messages, which are necessary for the smart card to descramble
the broadcast. The terms scrambled and encrypted are used interchangeably in this
application.

WO 98/43426 discloses a digital satellite television system in which the entitlement
management messages are transmissible to the set-top box via a modem based back
channel, rather than via the broadcast channel. This is done to speed up viewer
authorisation in viewing systems such as pay-per-view, since there is a certain time
delay before the subscriber authorisation system (SAS) can include the proper
entitlement management messages in the broadcast stream. However, the
entitlement control messages which contain the control word in an encrypted
format are sent via the broadcast channel. The control word is decrypted at the
set-top box by means of a smart card.

Summary of the Invention

According to the present invention, there is provided a conditional access system 
comprising a first transmitter for transmitting a scrambled broadcast stream and a 
second transmitter for transmitting a plurality of control messages separate from the
broadcast stream, said control messages including information for descrambling the 
broadcast stream. 

The control messages may be sufficient on their own to allow the broadcast stream 
to be descrambled. 



By separating the broadcast and control message channels, the need for a smart card
can be obviated, since the information for descrambling the broadcast stream can be
incorporated in said control messages without being encrypted. While the control
messages can then be encrypted for transmission over a secure link, for example
over a virtual private network using a protocol such as the HTTPS secure sockets
protocol, the unencrypted control words are recovered at the receiver side of the
secure link, so that the decoder does not require a smart card for decryption.
Advantageously, since the decoder is thereby provided with ready to use decryption
keys, the decoder can be made to be independent of any specialised conditional
access system.

Additional security can be provided by encrypting the information for descrambling
the broadcast stream into the control messages, which gives rise to the need for a
smart card, such as a virtual or software smart card, at the decoder.

According to the invention, there is further provided a conditional access system
comprising a first receiver for receiving a scrambled broadcast stream and a second
receiver for receiving a plurality of control messages separate from the broadcast
stream, the control messages including information for descrambling the broadcast
stream.

The invention further provides a decoder for use in a conditional access system for
decrypting encrypted broadcast content, comprising a first input module for
receiving said encrypted broadcast content from a first communications channel and
a second input module for receiving a plurality of control messages from a second
communications channel, said control messages containing descrambling
information for decrypting said broadcast content.

According to the invention, there is also provided a method for use in a conditional
access system, in which a scrambled broadcast stream is transmitted to a decoder,
said decoder being operable to receive a plurality of control messages including
information for descrambling the broadcast stream, the method comprising sending
said control messages to said decoder separately from said broadcast stream.

The invention yet further provides a method for use in a conditional access system,
in which a scrambled broadcast stream is transmitted to a first decoder and a second
decoder, said first and second decoders being operable to receive a plurality of
control messages including information for descrambling the broadcast stream, the
method comprising receiving a request to transmit a plurality of control messages to
said second decoder separately from the broadcast stream.

Roaming can thereby be facilitated. By denying a service to the first decoder while
the control message stream is being sent to the second decoder, use of the service at
the subscriber's home location can be prevented whilst roaming.

The first decoder does not need to have the ability to receive control messages
separately and can be a conventional decoder.

According to the invention, there is additionally provided a conditional access
system, comprising a first communications channel for carrying a broadcast stream,
said stream being scrambled with a stream of control words and a second
communications channel separate from the first channel for carrying a stream of
entitlement control messages, said entitlement control messages incorporating
information relating to the stream of control words for descrambling the broadcast
stream.

The entitlement control messages can alone contain all of the information required
to descramble the broadcast stream, so that there is no need for other messages,
such as entitlement management messages, to be transmitted. Furthermore, in this
case, a decoder for descrambling the broadcast stream does not require a smart
card.

Brief Description of the Drawings 

Embodiments of the invention will now be described, by way of example, with 
reference to the accompanying drawings, in which: 

Figure 1 is a schematic diagram of a conventional conditional access system;
Figure 2 is a schematic diagram illustrating the flow of encrypted information and
control information in the system of Figure 1;
Figure 3 is a schematic diagram illustrating a conditional access system according to
the invention;
Figure 4 is a flow diagram illustrating the operation of the system of Figure 3; and
Figure 5 is a schematic diagram illustrating the flow of encrypted information and
control information in the system of Figure 3.

Detailed Description 

Referring to Figure 1, in a conventional conditional access system, content to be
broadcast, including for example, video, audio and data components, is encoded in
an encoder 1 using an appropriate coding system, for example MPEG-II for digital
broadcasting. The encoded broadcast stream is encrypted or scrambled in a
scrambler 2 under the control of a control word CW generated by a control word
generator 3 in a manner which is well-known per se. The control word is encrypted
into an Entitlement Control Message (ECM) by an ECM generator 4 together with
access criteria which identify the service and the conditions required to access the
service. For example, the access criteria may specify regional limitations on the
broadcast. A further type of message, referred to as an Entitlement Management
Message (EMM), which carries details of the subscriber and his subscription is
generated by an EMM generator 5. While an ECM message is associated with a
scrambled programme or set of programmes and carries the information required to
decrypt those programmes, an EMM message is a message dedicated to an
individual user or group of users and carries the information necessary to determine
whether those users have the necessary subscriptions in place to be able to view the
programmes.

The scrambled encoded broadcast stream together with the ECM and EMM
messages is multiplexed in a multiplexer 6 with other broadcast streams representing
other programmes, together making up a subscription package from a particular
service provider. The package is sent to a transmitter 7 from which it is
transmitted, via a communications channel 8, for example a satellite or cable
channel, using an appropriate modulation scheme. The scrambled encoded
broadcast stream is received at a subscriber's receiver 9, for example a satellite dish,
and passed to the subscriber's set-top box 10.

On receipt at a set-top box (STB) 10, the received data is demultiplexed in a
demultiplexer 11, to extract the required programme and its associated ECM and
EMM messages. The extracted ECM and EMM messages are sent to a plug-in
smart card 12. The smart card 12 uses the ECM and EMM messages to determine
whether the subscriber has the right to view the broadcast and if so, to decrypt the
control word CW, which is input to a descrambler 13 together with the scrambled
broadcast stream to recover the original MPEG-II encoded broadcast stream. The
encoded stream is passed to an MPEG-II decoder 14 which produces an output
signal comprising audio, video and data components for display on the subscriber's
television 15.

The control word comprises alternating odd and even control words which are
alternated at, for example, two second intervals. Each control word is changed at
predetermined intervals, for example, every twenty seconds. A continuous stream
of ECM messages is therefore required to descramble the scrambled signal. The
EMM message can be updated less frequently.

The conventional form of ECM and EMM messages is defined in the international
standard ISO/IEC 13818-1, the entire contents of which are incorporated herein by
reference.

Figure 2 illustrates the flow of signal data and the control word (CW) within the
system of Figure 1. On the transmitter side, the control word CW is used to
encrypt the unencrypted broadcast signal S in the scrambler 2 to generate an
encrypted signal E(S). This is passed to the multiplexer 6 together with the
encrypted control word E(CW) generated by the encryption module 4. On the
receiver side, the encrypted signal E(S) and encrypted control word E(CW) from the
multiplexer 6 are fed to the demultiplexer 11. This outputs the encrypted signal
E(S) to the descrambler 13 and the encrypted control word E(CW) to the smart card
decryption module 12. The smart card 12 contains the cryptographic key necessary
to decrypt the encrypted control word E(CW) to reproduce the original control
word CW. This is used in the descrambler 13 to descramble the encrypted signal
E(S) to reproduce the original signal S.

Figure 3 shows an embodiment of the invention which is a modification of the
system of Figure 1. In the conditional access system shown in Figure 3, rather than
sending the ECM messages along with the broadcast channel, the ECM messages
are sent on a separate channel. Referring to Figures 3 and 4, broadcast content is
encoded using an MPEG-II encoder 1 (step s1). A control word is generated by a
control word generator 3 (step s2) and the encoded broadcast stream is encrypted or
scrambled in a scrambler 2 under the control of the control word CW (step s3). The
scrambled programme is multiplexed with a plurality of other programmes (step s4)
in a multiplexer 6 and transmitted from a transmitter 7 via communications channel
8 to a receiver 9, together comprising, for example, a satellite communications link
(step s5). A demultiplexer 11 extracts the required programme stream from the
received signal (step s6), which is then sent to a set-top box 20, also referred to
herein as a decoder (step s7). The decoder includes a descrambler 13 for
descrambling the scrambled broadcast signal under the control of a control word.

An ECM server 21 is used to generate an ECM message which incorporates the
control word CW without encryption (step s8), together with the access criteria
described with reference to Figure 1. The subscription information which would
conventionally be carried by an EMM message is incorporated into the ECM
message. The ECM message is not multiplexed into the broadcast stream, but is
sent to a second transmitter 22, from where it is transmitted by a second
communications channel 23 to a second receiver 24 (step s9). The ECM message is
passed from the second receiver 24 to a processor 25 within the set-top box 20
(step s10). The processor 25 checks that the subscription information in the ECM
is valid and extracts the control word CW from the ECM message (step s11). This
is input to the descrambler 13 (step s12). The descrambler 13 descrambles the
broadcast stream using the control word (step s13). The descrambled encoded
stream is passed to an MPEG-II decoder 14 which produces an output signal
comprising audio, video and data components (step s14) which is sent for display
on the subscriber's television 15 (step s15).
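
The following is an added illustration of steps s2, s3 and s8 to s13, not code from the application: an ECM per control word interval travels apart from the scrambled segments, and the decoder's processor checks the subscription information before handing the control word to the descrambler. The ECM field names, the sample content and the SHA-256 XOR keystream standing in for the scrambling algorithm are assumptions made for the example; the secure link of channel 23 is taken as given and not modelled.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def xor_scramble(cw: bytes, payload: bytes) -> bytes:
    """Toy scrambler 2 / descrambler 13: XOR with a SHA-256 counter keystream.
    A stand-in chosen for this example; the application names no cipher."""
    out = bytearray()
    for off in range(0, len(payload), 32):
        ks = hashlib.sha256(cw + off.to_bytes(4, "big")).digest()
        out += bytes(p ^ k for p, k in zip(payload[off:off + 32], ks))
    return bytes(out)

@dataclass(frozen=True)
class ECM:
    """ECM as produced by ECM server 21 (field names are hypothetical)."""
    period: int            # control word interval this ECM covers
    service: str           # access criteria: service identifier
    region: str            # access criteria: regional limitation
    subscriber_group: str  # subscription information normally carried by an EMM
    control_word: bytes    # CW incorporated without encryption (step s8)

@dataclass
class Decoder:
    """Set-top box 20: processor 25 plus descrambler 13."""
    subscriber_group: str
    region: str
    service: str

    def extract_cw(self, ecm: ECM) -> Optional[bytes]:
        # Step s11: check the subscription information, then extract the CW.
        ok = (ecm.subscriber_group == self.subscriber_group
              and ecm.region == self.region
              and ecm.service == self.service)
        return ecm.control_word if ok else None

    def descramble(self, segments: dict, ecms: list) -> dict:
        # Steps s12-s13: each segment needs the CW for its own interval.
        cws = {}
        for ecm in ecms:
            cw = self.extract_cw(ecm)
            if cw is not None:
                cws[ecm.period] = cw
        return {p: (xor_scramble(cws[p], data) if p in cws else None)
                for p, data in segments.items()}

def head_end(content: list, service: str, region: str, group: str):
    """Steps s2, s3, s8: one CW per interval, scrambled segments for channel 8,
    individualised ECMs for channel 23. CWs are derived deterministically
    here only so that the example is reproducible."""
    segments, ecms = {}, []
    for period, clear in enumerate(content):
        cw = hashlib.sha256(b"constructed-seed" + bytes([period])).digest()[:8]
        segments[period] = xor_scramble(cw, clear)
        ecms.append(ECM(period, service, region, group, cw))
    return segments, ecms

def demo():
    # Constructed sample content: three control word intervals.
    content = [b"segment-0 video", b"segment-1 video", b"segment-2 video"]
    segments, ecms = head_end(content, "sports-1", "UK", "group-A")
    subscriber = Decoder("group-A", "UK", "sports-1")
    outsider = Decoder("group-B", "UK", "sports-1")
    full = subscriber.descramble(segments, ecms)
    gap = subscriber.descramble(segments, [ecms[0], ecms[2]])  # ECM 1 missing
    denied = outsider.descramble(segments, ecms)
    return content, full, gap, denied

if __name__ == "__main__":
    content, full, gap, denied = demo()
    print(full[1] == content[1], gap[1], denied)
```

Because the control word sits in the ECM unencrypted, the check in `extract_cw` is only as strong as the secure link and the integrity of the decoder itself.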

The communications channel 23 in this embodiment comprises a virtual private
network (VPN). In other embodiments of the invention, the communications
channel 23 comprises a cellular telephone network such as a GSM, UMTS or GPRS
network, a conventional PSTN point-to-point telephone connection, a DSL
connection, a secure HTTPS socket connection over the Internet, another IP based
network, for example using streaming media, or a network based on a different
protocol or any other form of communications link over satellite, cable, by
terrestrial transmission or otherwise. In preferred embodiments of the invention, a
secure link is used to enhance the security of the transmitted control word.

In the event that the receiver 24 comprises a mobile telephone, this can be linked to 
the set-top box by any suitable means, including for example, a cable or infra-red 
connection. 



While Figure 3 shows the second receiver 24 as separate from the set-top box 20, in
an alternative embodiment, the second receiver 24 is located within the set-top box
20, as shown by the dotted line marked 26 in Figure 3. For example, the second
receiver 24 provides a network connection which permits the set-top box 20 to be
plugged into an appropriate network to provide the ECM message stream.

Figure 5 illustrates the flow of signal data and the control word (CW) within the
system of Figure 3. On the transmitter side, the control word CW is used to
encrypt the unencrypted broadcast signal S in the scrambler 2 to generate an
encrypted signal E(S). The encrypted signal E(S) is sent to the descrambler 13 on
the receiver side, via the multiplexer 6 and demultiplexer 11. The control word CW
is sent unencrypted to the transmitter 22 where it is encrypted for transmission over
a virtual private network 23. The control word CW is decrypted at the receiver 24
and sent to the descrambler 13 in unencrypted form, where it is used to descramble
the encrypted signal E(S) to reproduce the original signal S. A smart card
containing decryption keys is therefore not required in the set-top box.

By transmitting the ECM on a separate channel from the broadcast stream, the
ECM becomes individualised, i.e. it applies to an individual subscriber or group of
subscribers, so that a range of new services become available. A conditional access
system according to the invention enables a third party to assemble a package of
channels from different service providers and distribute the package in a secure way
by encrypting the package with its own control words and transmitting the control
words to each subscriber via a point-to-point connection.

The above example has been described with the control word being inserted into
the ECM message in unencrypted form and the ECM message being encrypted for
transmission over the secure channel. In an alternative embodiment, a further level
of encryption is applied by encrypting the control word CW into the ECM message,
to increase the security of the conditional access system, in which case a smart card
is again required in the set-top box. The smart card can be a software smart card or
a virtual smart card. Alternatively, a second ECM smart card is provided as a travel
smart card, so that if the first smart card for the set-top box is not in use, the
second ECM smart card is used to allow point-to-point transmission of ECM
messages, for example, in a roaming scenario as described below.

A conditional access system can be provided in which the possibility of roaming
exists in an analogous way to roaming in a GSM network. A subscriber wishing to
view a program using a set-top box arrangement in a different region from his home
region requests authorisation from that region's service provider, using a travel
smart card as described above. The service provider checks that a subscription
arrangement exists between the subscriber and his home network and, if so,
transmits the control word stream required to decrypt the required program to the
subscriber over a point-to-point connection.

Once a subscriber has requested point-to-point transmission of ECMs to his current
location, the EMM information can be removed from the home region-based
service by a subscriber authorisation system used by the service provider. This
temporarily denies access to services at the subscriber's home location.

The subscriber's home region-based decoder can be a conventional decoder
receiving ECMs transmitted with the broadcast stream. The decoder used at the
roaming location is a decoder according to the invention, equipped to receive an
ECM stream point-to-point. Two sets of ECMs are therefore being transmitted, the
first multiplexed with the broadcast stream enabling viewing by the conventional
decoder and the second ECM stream being transmitted over a separate channel
from the broadcast stream to enable a decoder according to the invention to view
the programme.
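
The roaming sequence described above can be followed as a small state model. This is an added example, not code from the application; the class and method names and the sample subscribers are hypothetical, the travel smart card is not modelled, and restoring home access when the roaming session ends is an assumption drawn from the word "temporarily".

```python
from dataclasses import dataclass, field

@dataclass
class HomeSAS:
    """Subscriber authorisation system of the home service provider."""
    network: str
    subscriptions: dict                      # subscriber id -> set of service ids
    roaming: set = field(default_factory=set)

    def has_subscription(self, sub: str, service: str) -> bool:
        return service in self.subscriptions.get(sub, set())

    def home_emm_present(self, sub: str, service: str) -> bool:
        # EMM information is removed from the home service while roaming.
        return self.has_subscription(sub, service) and sub not in self.roaming

@dataclass
class VisitedProvider:
    """Service provider of the region the subscriber is visiting."""
    agreements: dict                         # home network name -> HomeSAS
    sessions: dict = field(default_factory=dict)

    def request_roaming(self, sub: str, home_network: str, service: str) -> bool:
        sas = self.agreements.get(home_network)
        if sas is None or not sas.has_subscription(sub, service):
            return False                     # no arrangement: no ECM stream
        sas.roaming.add(sub)                 # deny service at the home location
        self.sessions[sub] = service
        return True

    def ecm_stream(self, sub: str, service: str, control_words: list) -> list:
        # Point-to-point ECMs go only to a subscriber with an open session.
        if self.sessions.get(sub) != service:
            return []
        return [{"subscriber": sub, "period": i, "cw": cw}
                for i, cw in enumerate(control_words)]

    def end_roaming(self, sub: str, home_network: str) -> None:
        # Assumption: home access returns once the roaming session is closed.
        self.sessions.pop(sub, None)
        sas = self.agreements.get(home_network)
        if sas is not None:
            sas.roaming.discard(sub)

def demo() -> dict:
    # Constructed subscribers, services and control words.
    sas = HomeSAS("home-net", {"alice": {"sports-1"}, "bob": {"news-1"}})
    visited = VisitedProvider({"home-net": sas})
    cws = [b"cw-even", b"cw-odd"]
    log = {"home_before": sas.home_emm_present("alice", "sports-1")}
    log["granted"] = visited.request_roaming("alice", "home-net", "sports-1")
    log["home_during"] = sas.home_emm_present("alice", "sports-1")
    log["ecms"] = len(visited.ecm_stream("alice", "sports-1", cws))
    log["bob_granted"] = visited.request_roaming("bob", "home-net", "sports-1")
    log["bob_ecms"] = len(visited.ecm_stream("bob", "sports-1", cws))
    log["unknown_net"] = visited.request_roaming("alice", "other-net", "sports-1")
    visited.end_roaming("alice", "home-net")
    log["home_after"] = sas.home_emm_present("alice", "sports-1")
    return log

if __name__ == "__main__":
    print(demo())
```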

To reduce the required number and calculation of ECM messages for individual
subscribers, the personalised ECM messages can be sent to groups of subscribers,
the size of the group depending on the level of security required. A further way of
reducing calculation needs is to send ECM messages for one channel only, rather
than for every channel, since only the control words for the channel actually being
watched need to be transferred.

The embodiments described above envisage the contents of the EMM messages
being subsumed into the ECM messages. Of course, if it is desired to maintain the
separation of the information, for example because EMM messages need to be sent
much less frequently than ECM messages, then EMM messages can continue to be
sent, either incorporated in the broadcast stream, or via a separate channel, as
explained for example in WO 98/43426, which is incorporated herein by reference.
For example, to block use of the home decoder in the event that the roaming
facility is used, EMM messages sent to the first decoder can indicate that
subscription rights are not available while the roaming facility is in use. If the
information that would conventionally be carried by an EMM message is not needed
in a particular scenario, EMM messages need not be sent at all.

Claims

1. A conditional access system comprising a first transmitter for transmitting a
scrambled broadcast stream and a second transmitter for transmitting a plurality of
control messages separate from the broadcast stream, said control messages
including information for descrambling the broadcast stream.

2. A conditional access system according to claim 1, wherein said control 
messages are alone sufficient to permit the broadcast stream to be descrambled. 


3. A conditional access system according to claim 1 or 2, wherein said 
information for descrambling the broadcast stream is incorporated into each of said 
control messages without being encrypted. 

4. A conditional access system according to claim 1 or 2, wherein said
information for descrambling the broadcast stream is encrypted prior to being
incorporated into each of said control messages.

5. A conditional access system according to any one of the preceding claims,
further comprising a scrambler and a key generator for generating a stream of
encryption keys, the scrambler being operable to encrypt a broadcast stream with
the encryption key stream, the system further being operable to send the encryption
key stream to a decoder for decoding the encrypted broadcast stream, said
encrypted key stream comprising the information for descrambling the broadcast
stream.

6. A conditional access system according to any one of the preceding claims,
wherein the second transmitter is arranged to transmit the descrambling information
to a receiver using a point-to-point protocol.

7. A conditional access system according to any one of the preceding claims, 
wherein the second transmitter is arranged to transmit the descrambling information 
over a secure connection. 

8. A conditional access system according to claim 7, wherein the secure
connection comprises a virtual private network (VPN).

9. A conditional access system according to any one of the preceding claims,
wherein the control messages comprise entitlement control messages (ECM).



10. A conditional access system comprising a first receiver for receiving a
scrambled broadcast stream and a second receiver for receiving a plurality of
control messages separate from the broadcast stream, the control messages
including information for descrambling the broadcast stream.

11. A conditional access system according to claim 10, wherein the control 
messages are sent to the second receiver using a point-to-point protocol. 


12. A conditional access system according to claim 10 or 11, wherein the control
messages are sent to the second receiver over a secure connection. 

13. A conditional access system according to claim 12, wherein the secure
connection comprises a virtual private network (VPN).

14. A conditional access system according to any one of claims 10 to 13, wherein 
the control messages comprise entitlement control messages (ECMs). 

15. A conditional access system according to any one of claims 10 to 14, further
comprising a decoder for descrambling the broadcast stream in accordance with the
descrambling information.

16. A conditional access system according to any one of claims 10 to 15, wherein
said information for descrambling the broadcast stream is incorporated into said
control messages without being encrypted, whereby the decoder does not require a
smart card for decryption.

17. A conditional access system according to any one of claims 10 to 16, wherein
said second receiver comprises a mobile telephone.

18. A decoder for use in a conditional access system for decrypting encrypted
broadcast content, comprising:

a first input module for receiving said encrypted broadcast content from a
first communications channel;

a second input module for receiving a plurality of control messages from a
second communications channel, said control messages containing descrambling
information for decrypting said broadcast content.

19. A decoder according to claim 18, further comprising a processor module for 
extracting said descrambling information from said control messages. 

20. A decoder according to claim 19, further comprising a descrambler for
receiving said encrypted broadcast content and decrypting said content using said
descrambling information.

21. A decoder according to any one of claims 18 to 20, wherein said
descrambling information is encrypted into said control messages, the decoder
further comprising a smart card for decrypting said control messages.

22. A method for use in a conditional access system, in which a scrambled
broadcast stream is transmitted to a decoder, said decoder being operable to receive
a plurality of control messages including information for descrambling the
broadcast stream, the method comprising sending said control messages to said
decoder separately from said broadcast stream.

23. A method according to claim 22, comprising incorporating said descrambling
information into the control messages without encrypting it.



24. A method according to claim 23, comprising encrypting the control messages 
prior to sending them to the decoder. 

25. A method according to claim 22, comprising sending the control messages
over a secure channel.

26. A method according to claim 25, wherein the secure channel comprises a 
virtual private network. 

27. A method for use in a conditional access system, in which a scrambled 
broadcast stream is transmitted to a first decoder and a second decoder, said first 
and second decoders being operable to receive a plurality of control messages 
including information for descrambling the broadcast stream, the method
comprising receiving a request to transmit a plurality of control messages to said 
second decoder separately from the broadcast stream. 

28. A method according to claim 27, wherein said control messages are alone 
sufficient to descramble said broadcast stream. 

29. A method according to claim 27 or 28, further comprising denying a service 
to the first decoder while the plurality of control messages is being sent to the 
second decoder. 

30. A conditional access system, comprising: 

a first communications channel for carrying a broadcast stream, said stream 
being scrambled with a stream of control words; 

a second communications channel separate from the first channel for 
carrying a stream of entitlement control messages, said entitlement control messages
incorporating information relating to the stream of control words for descrambling
the broadcast stream. 

31. A conditional access system according to claim 30, wherein said entitlement
control messages alone contain all of the information required to descramble the 
broadcast stream. 